<?php
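// Shared bootstrap: starts the session, opens the MySQL connection and
// defines the helpers used by the pages that include this file.
session_start();
// Every warning and notice is silenced here. That also hides each failed
// mysql_query() further down, so database problems only show up as empty
// output; when debugging, log errors to a file rather than turning this off
// in production, because mysql_error() text would otherwise reach the client.
error_reporting(0);
// set_magic_quotes_runtime() was removed in PHP 7 and calling an undefined
// function is fatal regardless of error_reporting(); guard the call so the
// bootstrap keeps working on newer interpreters (the setting was already off
// by default on PHP 5.4+, so skipping it changes nothing there).
if (function_exists('set_magic_quotes_runtime')) {
    set_magic_quotes_runtime(0);
}
// MySQL user name (replace 'quonadmin').
// NOTE(review): credentials live in a file that ships with the application;
// prefer loading them from an untracked config file or the environment so
// they are not committed alongside the code.
define('DB_USER', 'quonadmin');
// MySQL password (replace 'gabagabahey12').
define('DB_PASSWORD', 'gabagabahey12');
// Host name of the MySQL server.
define('DB_HOST', 'localhost');
// Name of the database holding the movie tables.
define('DB_NAME', 'quon');
// The rest of the file calls mysql_query() without a link argument, so it
// relies on this being the most recently opened connection. The error text
// goes straight to the client on failure, consistent with the connect call.
$dbc = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die(mysql_error());
mysql_select_db(DB_NAME) or die(mysql_error());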

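/**
 * Escape a value for interpolation inside a quoted MySQL string literal.
 *
 * Uses mysql_real_escape_string() on the connection opened by the bootstrap
 * ($dbc) so the escaping honours the connection's character set;
 * mysql_escape_string() ignores the charset and is deprecated. The result is
 * only safe inside quoted string literals: numeric ids must still be
 * validated/cast separately, and nothing here makes a value safe for HTML.
 *
 * @param string $data raw value
 * @return string value with quotes, backslashes and NULs backslash-escaped
 */
function escape_data($data){
    global $dbc;
    return mysql_real_escape_string($data, $dbc);
}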

/**
 * Counterpart of escape_data(): returns the stored value unchanged.
 *
 * Values written through escape_data() come back from MySQL in their
 * original form, so there is nothing to undo. The function exists so output
 * code has a single hook should a reversible transform ever be introduced.
 * It performs no HTML escaping.
 *
 * @param mixed $data value read from the database
 * @return mixed the very same value
 */
function unescape_data($data){
    $value = $data;
    return $value;
}
/**
 * Render a digit string as a human-readable US phone number.
 *
 *   7 characters  -> "PPP-XXXX"
 *   10 characters -> "(AAA) PPP-XXXX"
 *   more than 10  -> "(AAA) PPP-XXXX xEXT" (everything past the 10th
 *                    character becomes the extension)
 *
 * Empty input yields "". Any other length yields the literal
 * "unknown phone format: ..." string, which echoes the input back, so a
 * caller that prints the result should keep that in mind. Non-digit
 * characters are not stripped; the sscanf %s conversions skip whitespace.
 *
 * @param string $phone
 * @return string
 */
function formatPhone($phone) {
   if (empty($phone)) {
       return "";
   }
   $length = strlen($phone);
   if ($length == 7) {
       sscanf($phone, "%3s%4s", $prefix, $exchange);
   } elseif ($length == 10) {
       sscanf($phone, "%3s%3s%4s", $area, $prefix, $exchange);
   } elseif ($length > 10) {
       sscanf($phone, "%3s%3s%4s%s", $area, $prefix, $exchange, $extension);
   } else {
       return "unknown phone format: $phone";
   }
   // Area code (when present) and the local part are space separated.
   $pieces = array();
   if (isset($area)) {
       $pieces[] = '(' . $area . ')';
   }
   $pieces[] = $prefix . '-' . $exchange;
   $formatted = implode(' ', $pieces);
   if (isset($extension)) {
       $formatted .= ' x' . $extension;
   }
   return $formatted;
}

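// Admin-only movie deletion, triggered by the "delete" link that showmovie()
// renders as "?delmovie=<id>". It runs whenever this file is loaded with that
// query parameter present.
if (isset($_SESSION['admin']) && $_SESSION['admin'] == 1){
    // Only an all-digit id is accepted: the value is concatenated straight
    // into SQL, so anything else would be an injection vector. Non-numeric
    // input previously just produced a (suppressed) SQL error and deleted
    // nothing, so skipping it keeps the same observable behaviour.
    if (isset($_GET['delmovie']) && ctype_digit((string) $_GET['delmovie'])){
        $delmovieid = (int) $_GET['delmovie'];
        // NOTE(review): the delete is performed from a plain GET link with no
        // CSRF token; a confirmation step carrying a per-session token would
        // stop another site from triggering it in a logged-in admin's browser.
        $delmoviequeries = array(
            "DELETE FROM movie WHERE id=" . $delmovieid,
            "DELETE FROM checkout WHERE movieid=" . $delmovieid,
            "DELETE FROM picture WHERE movieid=" . $delmovieid,
            "DELETE FROM actormovie WHERE movieid=" . $delmovieid,
        );
        // Each statement is attempted regardless of the previous one's
        // outcome; failures are not reported (error_reporting is 0 above).
        foreach ($delmoviequeries as $delmoviequery) {
            $delmovieresult = mysql_query($delmoviequery);
        }
    }
}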


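/**
 * Render the detail card for one movie as an HTML fragment.
 *
 * Loads the movie row plus its genre, type, pictures, actors and checkout
 * state, one query each (actors are fetched one by one per actormovie row),
 * and returns the markup; nothing is echoed. An id that is not all digits,
 * a failed query or a movie that does not exist yields "".
 *
 * Session state read: $_SESSION['userid'] (to choose between "Please
 * return" and "checked out") and $_SESSION['admin'] (to append the
 * edit/delete/check-out/check-in/label links).
 *
 * NOTE(review): name, rating, year, runningtime, genre, type and actor
 * values are written into the HTML without htmlspecialchars(); if any of
 * them can be entered by users other than the administrator they need
 * escaping at this point.
 *
 * @param int|string $movieid primary key of the movie row
 * @return string HTML fragment
 */
function showmovie($movieid){
    $out = "";
    // The id is concatenated into SQL below, so only all-digit values are
    // accepted. Anything else previously made the first query fail and the
    // function return "" as well, so this is not a behaviour change.
    if (!ctype_digit((string) $movieid)) {
        return $out;
    }
    // Read the session values once, preserving "unset" as null so the loose
    // comparison against usersid below behaves exactly as before.
    $sessionuserid = isset($_SESSION['userid']) ? $_SESSION['userid'] : null;
    $isadmin = isset($_SESSION['admin']) && $_SESSION['admin'] == 1;
    // Font wrapper repeated throughout the card.
    $font = "<FONT FACE=\"Verdana\" size=\"-1\" Color=000000>";

    $resultmovie = mysql_query("SELECT * FROM movie WHERE id=" . $movieid);
    if ($resultmovie === false) {
        // Query failed (error silenced by the bootstrap); nothing to render.
        return $out;
    }
    while($rowmovie = mysql_fetch_array($resultmovie)){
        // Related rows. genre/type are assumed to be numeric foreign keys in
        // the movie row since they are interpolated unquoted.
        $gresult = mysql_query("SELECT * FROM genre WHERE id=" . $rowmovie['genre']);
        $tresult = mysql_query("SELECT * FROM type WHERE id=" . $rowmovie['type']);
        $presult = mysql_query("SELECT * FROM picture WHERE movieid=" . $rowmovie['id']);
        $aresult = mysql_query("SELECT * FROM actormovie WHERE movieid=" . $rowmovie['id']);

        // Left cell: every picture attached to the movie.
        $out .= "<BR><TABLE CELLPADDING=0 CELLSPACING=0>";
        $out .= "<TR><TD width=\"120\">";
        while($picrow = mysql_fetch_array($presult)){
            $out .= "<IMG SRC=\"pics/" . $picrow['id'] . "." . $picrow['ext'] . "\" width=\"120\">";
        }
        $out .= "</TD><TD>";

        // Right cell: title, rating/year, running time, genre, type, cast.
        $out .= "<A HREF=\"moviepage.php?id=" . $movieid . "\"><FONT FACE=\"Verdana\" size=\"4\" Color=000000>" . unescape_data($rowmovie['name']) . "</FONT></A><BR><BR>";
        $out .= $font . strtoupper(unescape_data($rowmovie['rating'])) . " | " . unescape_data($rowmovie['year']) . "</FONT><BR>";
        $out .= $font . "running time: " . unescape_data($rowmovie['runningtime']) . "</FONT><BR>";
        $out .= $font . "genre: ";
        while($grow = mysql_fetch_array($gresult)){
            $out .= "<A HREF=\"viewgenre.php?id=" . $grow['id'] . "\">" . $font . unescape_data($grow['name']) . "</FONT></A>";
        }
        $out .= "</FONT><BR>";
        $out .= $font . "type: ";
        while($trow = mysql_fetch_array($tresult)){
            $out .= $font . unescape_data($trow['name']) . "</FONT>";
        }
        $out .= "</FONT><BR>";
        $out .= $font . "staring: ";
        $firstactor = true;
        while($arow = mysql_fetch_array($aresult)){
            // One extra query per cast member (N+1); acceptable for the few
            // actors a movie has, a JOIN would be the fix should it grow.
            $anameresult = mysql_query("SELECT * FROM actor WHERE id=" . $arow['actorid']);
            while($anamerow = mysql_fetch_array($anameresult)){
                if (!$firstactor){
                    $out .= ", ";
                }
                $out .= "<A HREF=\"viewactor.php?id=" . $anamerow['id'] . "\"><FONT FACE=\"Verdana\" size=-1 color=000000>" . unescape_data($anamerow['name']) . "</FONT></A>";
                $firstactor = false;
            }
        }
        $out .= "</FONT>";

        // Checkout state: only the first checkout row is looked at.
        $checkoutresult = mysql_query("SELECT * FROM checkout WHERE movieid=" . $movieid);
        if(mysql_num_rows($checkoutresult) > 0){
            $checkoutrow = mysql_fetch_array($checkoutresult);
            // Loose comparison kept on purpose: usersid arrives as a string
            // while the session value may be an int.
            $message = ($checkoutrow['usersid'] == $sessionuserid)
                ? "Please return this movie!"
                : "This movie is checked out!";
            $out .= "<BR><FONT FACE=\"Verdana\" size=\"-1\" Color=\"red\">" . $message . "</FONT>";
        }

        // Admin toolbar. PHP_SELF reflects the request path (including any
        // PATH_INFO the client sends), so it is escaped before being placed
        // in an attribute; it is the one clearly request-controlled value here.
        if ($isadmin){
            $separator = $font . " | </FONT>";
            $selfpage = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
            $out .= "<BR>"
                . "<A HREF=\"addmovie.php?id=" . $movieid . "\">" . $font . "edit</FONT></A>" . $separator
                . "<A HREF=\"" . $selfpage . "?delmovie=" . $movieid . "\">" . $font . "delete</FONT></A>" . $separator
                . "<A HREF=\"checkout.php?id=" . $movieid . "\">" . $font . "check-out</FONT></A>" . $separator
                . "<A HREF=\"checkin.php?id=" . $movieid . "\">" . $font . "check-in</FONT></A>" . $separator
                . "<A HREF=\"barcode.php?id=" . $movieid . "\">" . $font . "label</FONT></A>";
        }
        $out .= "</TD></TABLE><BR>";
    }
    return $out;
}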


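// Read the global "accounts" setting from the system table. The table is
// expected to hold a single row; if it holds several, the last one wins.
// $accountreg is initialised to null so that an empty table or a failed
// query leaves a defined (null) value instead of an undefined variable.
$accountreg = null;
$querychecksystem = "SELECT * FROM system";
$resultchecksystem = mysql_query($querychecksystem);
if ($resultchecksystem !== false) {
    while($resultcheckrow = mysql_fetch_array($resultchecksystem)){
        $accountreg = $resultcheckrow['accounts'];
    }
}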

?>